Based on reporting by The Hacker News →
Introduction
When the very people tasked with investigating spyware become its targets, the system meant to hold surveillance accountable reveals a critical flaw. A new forensic analysis shows that a Member of the European Parliament serving on a spyware inquiry committee was repeatedly compromised by the same kind of commercial surveillance tool he was investigating.
The problem
According to a report from The Hacker News, the Citizen Lab has disclosed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly infected with the Pegasus spyware. The attacks occurred while Kouloglou was actively serving on a parliamentary committee created to investigate the abuse of commercial surveillance tools within the European Union. Forensic analysis of his device confirmed that attackers could have extracted sensitive data from his phone over an extended period.
Consequences
The direct consequence is the potential compromise of sensitive legislative deliberations, internal committee strategy, and personal communications of a sitting MEP. On a broader level, this breach erodes trust in the integrity of parliamentary oversight mechanisms. If investigators themselves cannot be protected from the very tools they are scrutinizing, it signals a profound vulnerability in the security posture of high-value political targets throughout the bloc.
Causes
The root cause is the combination of an advanced, zero-click spyware vector (Pegasus) and inadequate mobile device security for high-risk political personnel. The attacker—still unidentified—exploited a known capability of the spyware to infect mobile devices without requiring the victim to click a malicious link, bypassing conventional user-awareness defenses. The targeting of an MEP on a surveillance oversight committee suggests a deliberate effort to undermine the investigation from within.